Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs One Identity Safeguard comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
8.4
Cisco Identity Services Engine enhances security, reduces breaches, ensures compliance, simplifies management, and consolidates systems for cost savings and efficiency.
Sentiment score
7.0
One Identity Safeguard enhances security and compliance, ensuring PCI-DSS compliance, reducing risks, and improving operational efficiency with substantial ROI.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
Any PAM solution, when I deploy it well and customers use it, leads to a return on investment.
 

Customer Service

Sentiment score
5.9
Cisco ISE support is praised for knowledge and responsiveness, yet occasionally inconsistent with integration and follow-up challenges.
Sentiment score
6.5
One Identity Safeguard’s customer service is praised for responsiveness and efficiency, but standard support faces mixed reviews.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
I sometimes need escalations to reach expertise.
Sometimes, I get a very helpful response and they address issues on a call.
When I have day-to-day incidents and problems, the response is good enough in terms of time and quality.
 

Scalability Issues

Sentiment score
7.3
Cisco Identity Services Engine (ISE) offers high scalability, supporting large deployments and enterprise expansions despite hardware and setup challenges.
Sentiment score
7.1
One Identity Safeguard is praised for scalability and ease of resource deployment but may affect performance and high availability.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
The scalability of One Identity Safeguard is perfect, scoring ten out of ten.
We have a cluster of SPPs and a cluster of SPSs, and we can add a node to that cluster without much fuss.
I would rate it a nine out of ten for scalability.
 

Stability Issues

Sentiment score
7.7
Cisco ISE is highly reliable and stable, though larger deployments may experience occasional performance and configuration challenges.
Sentiment score
7.5
One Identity Safeguard is highly stable and reliable, with minor issues promptly addressed through regular updates.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
I would rate it a nine out of ten for stability.
In terms of stability, I rate One Identity Safeguard nine to ten out of ten.
I encounter problems primarily with the failover procedure.
 

Room For Improvement

Cisco Identity Services Engine requires improved integration, user interface, documentation, compatibility, and management efficiency to enhance user experience.
One Identity Safeguard needs improvements in integration, management, documentation, interface, support, monitoring, threat detection, and pricing.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
For some configurations on the SPS side, if I need to make changes, such as for DNS servers, I must redeploy the machine.
There are many steps. We are still in the onboarding phase, and it seems very manual.
Another area for improvement could be the threat detection capabilities, like those seen in other PAM vendors.
 

Setup Cost

Cisco ISE offers three pricing tiers, with high costs and complex licensing, but provides extensive features and potential discounts.
One Identity Safeguard is costly but valued for flexibility and robust security, with straightforward licensing and worthwhile investment.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
It is one of those where the more you buy, the cheaper it is.
It is cheaper than CyberArk.
It is more expensive than Secret Server but way less expensive than CyberArk.
 

Valuable Features

Cisco ISE enhances network security with integration, 802.1X authentication, policy management, ease of use, and strong access control.
One Identity Safeguard enhances security with seamless user experience, extensive features, centralized access, and robust monitoring for on-prem and cloud management.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
Cisco Identity Services Engine (ISE) is very good at device administration.
The auditing and approval mechanisms are features we did not have before and are greatly appreciated.
I think One Identity should improve its documentation because it is vast and not clear, and clear documentation on implementing the solution would be advantageous for consultants.
Compared to other PAM solutions, it is easy to implement and use from an administrator's point of view.
 

Categories and Ranking

Cisco Identity Services Eng...
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
142
Ranking in other categories
Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)
One Identity Safeguard
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
45
Ranking in other categories
User Entity Behavior Analytics (UEBA) (7th), Privileged Access Management (PAM) (4th), Non-Human Identity Management (NHIM) (4th)
 

Mindshare comparison

Cisco Identity Services Engine (ISE) and One Identity Safeguard aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 26.3%, down 31.4% compared to last year.
One Identity Safeguard, on the other hand, focuses on Privileged Access Management (PAM), holds 4.2% mindshare, down 4.7% since last year.
Network Access Control (NAC)
Privileged Access Management (PAM)
 

Featured Reviews

SunilkumarNaganuri - PeerSpot reviewer
Enhanced device administration hindered by complex deployment and security limitations
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
Tor Nordhagen - PeerSpot reviewer
Transparent mode for privileged sessions will greatly simplify our client's administrative situation
We're introducing the solution's transparent mode for privileged sessions. This is part of what the client hasn't used before. It will simplify their administrative situation greatly. So far, the rollout of this feature has been a seamless process, but we're still in the midst of rolling it out. The benefits will be on the risk side. Right now, the way accounts are managed, you don't necessarily know who is using an account. There's a shared admin account, and that's not a good thing. And those accounts are shared in wallets by several people. One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network.
report
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
848,253 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
14%
Financial Services Firm
8%
Government
7%
Computer Software Company
25%
Financial Services Firm
11%
Government
6%
Energy/Utilities Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
What do you like most about One Identity Safeguard?
The identity discovery is good, and the performance is pretty good value.
What is your experience regarding pricing and costs for One Identity Safeguard?
One Identity Safeguard is expensive. The license is around $3,000 per month.
What needs improvement with One Identity Safeguard?
I find it complicated to implement HTTPS monitoring because the documentation is unclear. The disaster recovery process is complicated for me. For some configurations on the SPS side, if I need to ...
 

Also Known As

Cisco ISE
No data available
 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
Cavium
Find out what your peers are saying about Cisco, Hewlett Packard Enterprise, Fortinet and others in Network Access Control (NAC). Updated: April 2025.
848,253 professionals have used our research since 2012.